Attivo Networks, an award-winning leader in deception for cybersecurity threat detection, has announced new capabilities within its ThreatDefend Detection Platform that aim to anticipate methods an attacker will use to break out from an infected endpoint and ambush its every move. This unique approach to detection specifically focuses on reducing the time an attacker can remain undetected and the amount of effort required for an organisation to restore environments to normal operations. This new Endpoint Detection Net offering will also serve as a powerful protection force-multiplier for businesses using endpoint protection (EPP) and endpoint detection and response (EDR) solutions by closing detection gaps and facilitating automated incident response.
Protecting endpoints and preventing the spread of infected systems is a critical concern for organisations of all sizes, with research revealing that attackers can move off of an initially compromised system in 4.5 hours, on average. Further, new research shows that the average dwell time – the time it takes to detect attackers operating within an enterprise network – increased an average of 10 days in 2019, from 85 to 95 days, highlighting the escalating requirement to secure endpoints and prevent an adversary from establishing a foothold. As a result, CISOs and security managers are increasing their spending and allocating budget for network detection and response tools, staff skills training and endpoint detection and response solutions.
“Endpoints are the new battleground, and well-orchestrated detection and response capabilities are an organisation’s greatest weapon against attackers,” said Ray Kafity, Vice President of META at Attivo Networks. “The new Endpoint Detection Net offering provides organisations of all sizes an efficient and effective way to derail an attacker’s lateral movement before they can establish a foothold or cause material harm.”
The Attivo Endpoint Detection Net product is tackling endpoint security challenges head-on by making every endpoint a decoy designed to disrupt an attacker’s ability to break out and further infiltrate the network. It does this without requiring agents on the endpoint or causing disruption to regular network operations. The company used historical attack data and the MITRE Att@ck framework as a way to understand the various methods attackers use to spread laterally from an endpoint and then created a comprehensive solution designed to stop them.
The Endpoint Detection Net solution elevates security control by accurately raising alerts and taking proactive measures to derail attackers. These capabilities include early attack detection based on:
- Unauthorised active directory queries from an endpoint.
- Theft of local credentials.
- Attempts to compromise file servers by moving to mapped shares.
- Network reconnaissance to find production assets and available services.
- Man-in-the-middle attacks where attackers try to steal credentials in transit.
- Identifying the available attack paths that an attacker would take to move about the network.